95 lines
3.7 KiB
C#
95 lines
3.7 KiB
C#
using System.Collections;
|
|
using System.IO;
|
|
using Org.BouncyCastle.Crypto.Parameters;
|
|
using Org.BouncyCastle.Security;
|
|
using Org.BouncyCastle.Utilities.IO;
|
|
|
|
namespace Org.BouncyCastle.Crypto.Tls;
|
|
|
|
public class TlsECDheKeyExchange : TlsECDHKeyExchange
|
|
{
|
|
protected TlsSignerCredentials mServerCredentials = null;
|
|
|
|
public TlsECDheKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, int[] namedCurves, byte[] clientECPointFormats, byte[] serverECPointFormats)
|
|
: base(keyExchange, supportedSignatureAlgorithms, namedCurves, clientECPointFormats, serverECPointFormats)
|
|
{
|
|
}
|
|
|
|
public override void ProcessServerCredentials(TlsCredentials serverCredentials)
|
|
{
|
|
if (!(serverCredentials is TlsSignerCredentials))
|
|
{
|
|
throw new TlsFatalAlert(80);
|
|
}
|
|
ProcessServerCertificate(serverCredentials.Certificate);
|
|
mServerCredentials = (TlsSignerCredentials)serverCredentials;
|
|
}
|
|
|
|
public override byte[] GenerateServerKeyExchange()
|
|
{
|
|
DigestInputBuffer digestInputBuffer = new DigestInputBuffer();
|
|
mECAgreePrivateKey = TlsEccUtilities.GenerateEphemeralServerKeyExchange(mContext.SecureRandom, mNamedCurves, mClientECPointFormats, digestInputBuffer);
|
|
SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials);
|
|
IDigest digest = TlsUtilities.CreateHash(signatureAndHashAlgorithm);
|
|
SecurityParameters securityParameters = mContext.SecurityParameters;
|
|
digest.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
|
|
digest.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
|
|
digestInputBuffer.UpdateDigest(digest);
|
|
byte[] hash = DigestUtilities.DoFinal(digest);
|
|
byte[] signature = mServerCredentials.GenerateCertificateSignature(hash);
|
|
DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
|
|
digitallySigned.Encode(digestInputBuffer);
|
|
return digestInputBuffer.ToArray();
|
|
}
|
|
|
|
public override void ProcessServerKeyExchange(Stream input)
|
|
{
|
|
SecurityParameters securityParameters = mContext.SecurityParameters;
|
|
SignerInputBuffer signerInputBuffer = new SignerInputBuffer();
|
|
Stream input2 = new TeeInputStream(input, signerInputBuffer);
|
|
ECDomainParameters curve_params = TlsEccUtilities.ReadECParameters(mNamedCurves, mClientECPointFormats, input2);
|
|
byte[] encoding = TlsUtilities.ReadOpaque8(input2);
|
|
DigitallySigned digitallySigned = ParseSignature(input);
|
|
ISigner signer = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters);
|
|
signerInputBuffer.UpdateSigner(signer);
|
|
if (!signer.VerifySignature(digitallySigned.Signature))
|
|
{
|
|
throw new TlsFatalAlert(51);
|
|
}
|
|
mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey(TlsEccUtilities.DeserializeECPublicKey(mClientECPointFormats, curve_params, encoding));
|
|
}
|
|
|
|
public override void ValidateCertificateRequest(CertificateRequest certificateRequest)
|
|
{
|
|
byte[] certificateTypes = certificateRequest.CertificateTypes;
|
|
for (int i = 0; i < certificateTypes.Length; i++)
|
|
{
|
|
switch (certificateTypes[i])
|
|
{
|
|
case 1:
|
|
case 2:
|
|
case 64:
|
|
continue;
|
|
}
|
|
throw new TlsFatalAlert(47);
|
|
}
|
|
}
|
|
|
|
public override void ProcessClientCredentials(TlsCredentials clientCredentials)
|
|
{
|
|
if (clientCredentials is TlsSignerCredentials)
|
|
{
|
|
return;
|
|
}
|
|
throw new TlsFatalAlert(80);
|
|
}
|
|
|
|
protected virtual ISigner InitVerifyer(TlsSigner tlsSigner, SignatureAndHashAlgorithm algorithm, SecurityParameters securityParameters)
|
|
{
|
|
ISigner signer = tlsSigner.CreateVerifyer(algorithm, mServerPublicKey);
|
|
signer.BlockUpdate(securityParameters.clientRandom, 0, securityParameters.clientRandom.Length);
|
|
signer.BlockUpdate(securityParameters.serverRandom, 0, securityParameters.serverRandom.Length);
|
|
return signer;
|
|
}
|
|
}
|